Sunday, October 9, 2022

My thoughts on Vulnerability Management

Vulnerability Management means a lot of reading. You always need to keep yourself updated with current vulnerabilities and attack vectors. You have to always remain open minded i.e. never say "NO" to any domain or technology. Reason, you will have to deal with myriad of vulnerabilities. These vulnerabilities may happen to be in Network devices, Storage devices, Virtual devices, Windows devices, Linux devices, thick and thin clients.

Usually, you will deal with the following teams:
  1. Windows Team - Hence good to have basic understanding of Windows architecture, AD, GPO and related configurations
  2. Linux Team - Hence good to have basic understanding of Linux architecture and related configurations
  3. Network Team - Hence good to have basic understanding of router, switch, firewall, proxy and load balancer
  4. Storage Team - Hence good to have basic understanding of storage methodologies such as SAN and NAS
  5. Virtualization Team - Hence good to have basic understanding of hypervisors such as host OS and bare metal
  6. Application Team - Typically you will deal with Web applications but thick clients are equally important

Have basic understanding of security solutions such as WAF, firewalls, DLP, SIEM, Access management and Endpoint security. You should also have basic understanding of compliance standards and different types penetration techniques such as web, mobile and network. As, many companies have started to leverage cloud solutions, cloud security also has gained immense importance.

Lastly, VM solutions gather a lot of data. Hence, you need to be good with data analytics and hence, with Microsoft Excel especially with formulas and VBA. Scripting languages such as Python, VB, Batch and Shell scripts will help in automating standard processes and tasks. 

Please note, there are few words which I have intentionally repeated like "basic" and "understanding". You are not Swami Vivekananda. You cannot become SME of above mentioned topics in a year or few years.

So keep learning and never give up !!

Happy Learning !!
at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Vulnerability Management - Understanding vulnerability posture

Understanding the vulnerability posture of an organisation at a basic level helps you drive remediation efforts. So, I don't know what t...